diff options
author | cperciva <cperciva@FreeBSD.org> | 2006-02-08 06:52:15 +0000 |
---|---|---|
committer | cperciva <cperciva@FreeBSD.org> | 2006-02-08 06:52:15 +0000 |
commit | b14cd9989e45914ce34f0b31ecc31a16337e76c0 (patch) | |
tree | a9d91a4aef336ec1fe63a8775d2c0f15dd851482 /sbin/gbde/gbde.8 | |
parent | b07370a680650f0c83bc96ab16d2c401638a2190 (diff) | |
download | FreeBSD-src-b14cd9989e45914ce34f0b31ecc31a16337e76c0.zip FreeBSD-src-b14cd9989e45914ce34f0b31ecc31a16337e76c0.tar.gz |
Teach gbde(8) to use a key file in addition to a passphrase. This
makes it practical to use GBDE for "something you have plus something
you know" security together with a USB flash drive.
Reviewed by: phk
MFC after: 7 days
Diffstat (limited to 'sbin/gbde/gbde.8')
-rw-r--r-- | sbin/gbde/gbde.8 | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/sbin/gbde/gbde.8 b/sbin/gbde/gbde.8 index fe3d55d..d9994ea 100644 --- a/sbin/gbde/gbde.8 +++ b/sbin/gbde/gbde.8 @@ -41,6 +41,7 @@ .Nm .Cm attach .Ar destination +.Op Fl k Ar keyfile .Op Fl l Ar lockfile .Op Fl p Ar pass-phrase .Nm @@ -51,25 +52,30 @@ .Ar destination .Op Fl i .Op Fl f Ar filename +.Op Fl K Ar new-keyfile .Op Fl L Ar new-lockfile .Op Fl P Ar new-pass-phrase .Nm .Cm setkey .Ar destination .Op Fl n Ar key +.Op Fl k Ar keyfile .Op Fl l Ar lockfile .Op Fl p Ar pass-phrase +.Op Fl K Ar new-keyfile .Op Fl L Ar new-lockfile .Op Fl P Ar new-pass-phrase .Nm .Cm nuke .Ar destination .Op Fl n Ar key +.Op Fl k Ar keyfile .Op Fl l Ar lockfile .Op Fl p Ar pass-phrase .Nm .Cm destroy .Ar destination +.Op Fl k Ar keyfile .Op Fl l Ar lockfile .Op Fl p Ar pass-phrase .Sh DESCRIPTION @@ -180,6 +186,24 @@ Be aware that using this option may expose the pass-phrase to other users who happen to run .Xr ps 1 or similar while the command is running. +.Pp +The +.Fl k Ar keyfile +argument specifies a key file to be used in combination with the +pass-phrase (whether the pass-phrase is specified on the command line +or entered from the terminal) for opening the device. +The device will only be opened if the contents of the key file and the +pass-phrase are both correct. +.Pp +The +.Fl K Ar new-keyfile +argument can be used to specify a new key file to the +.Cm init +and +.Cm setkey +subcommands. +If not specified, no key file will be used (even if one was previously +used). .Sh EXAMPLES To initialize a device, using default parameters: .Pp |